37450534b33aceb1c8a1ff16199a61342ed11ab9b8aaae8d7de4559e282658c2 | Triage

Analysis

max time kernel
119s
max time network
138s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11/10/2023, 22:50

Sharing

Report Analysis Logs

General

Target

minehax botnet.exe
Size

917KB
MD5

3d8173d642ae44cbba012f79bba4dc70
SHA1

02fd3292e7dd3a7f86042abb0270d3a7116c594a
SHA256

37450534b33aceb1c8a1ff16199a61342ed11ab9b8aaae8d7de4559e282658c2
SHA512

ecdb03b56981caa3d447359ea391b902ae4fb9da6fcb5937a1281c352342fe5fb3fd968f843d8aebbbd4e584ab2bb92579e0cb2ef9e2ec9ed3e130f7eff68790
SSDEEP

24576:bPD+wtAMcpZiE8yewphqBppiU7hKaqQtys8wWCzH73:/buMcpZiE8yewphqBppiU7hKL4WoH7

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2072	2432	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2432 wrote to memory of 2072	2432	minehax botnet.exe	28
PID 2432 wrote to memory of 2072	2432	minehax botnet.exe	28
PID 2432 wrote to memory of 2072	2432	minehax botnet.exe	28
PID 2432 wrote to memory of 2072	2432	minehax botnet.exe	28

C:\Users\Admin\AppData\Local\Temp\minehax botnet.exe
"C:\Users\Admin\AppData\Local\Temp\minehax botnet.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2432
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 556
  2⤵
  - Program crash
  PID:2072

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2432-0-0x0000000074420000-0x0000000074B0E000-memory.dmp

Filesize
6.9MB

Download
memory/2432-1-0x0000000000080000-0x000000000016A000-memory.dmp

Filesize
936KB

Download
memory/2432-2-0x0000000074420000-0x0000000074B0E000-memory.dmp

Filesize
6.9MB

Download